package com.pangu.util;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * https工具
 *
 * @author cxlin
 *         2015/7/21 14:48
 */
public class HttpUtils {

    public static HostnameVerifier createTrustAllHostNameVerifier() {
        return new HostnameVerifier() {

            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
    }

    public static SSLSocketFactory createTrustedSslSocketFactory(KeyStore keyStore) {
        X509TrustManager trustManager = null;
        if (keyStore == null) {
            trustManager = new TrustAllManager();

        } else {
            trustManager = new LocalTrustManager(keyStore);

        }

        TrustManager[] trustCerts = new TrustManager[]{trustManager};
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, trustCerts, new SecureRandom());
            return context.getSocketFactory();

        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Security exception configuring SSL context", e);
        }
    }

    private static class TrustAllManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    private static class LocalTrustManager implements X509TrustManager {
        private X509TrustManager localTrustManager;

        private LocalTrustManager(KeyStore keyStore) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory
                        .getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);

                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int index = 0; index < trustManagers.length; index++) {
                    if (trustManagers[index] instanceof X509TrustManager) {
                        localTrustManager = (X509TrustManager) trustManagers[index];
                    }
                }

            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();

            } catch (KeyStoreException e) {
                e.printStackTrace();
            }
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            localTrustManager.checkServerTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return localTrustManager.getAcceptedIssuers();
        }
    }
}
